Netwalker Ransomware

Posted: March 23, 2020

The Netwalker Ransomware is a file-locking Trojan that encrypts the media on your PC and then demands a ransom in exchange for an unlocking service. The Trojan is an update of its immediate predecessor, the Mailto Ransomware, and may use Coronavirus-themed e-mails for infecting victims. Users can follow standard safety guidelines for interacting with e-mail attachments, have their anti-malware products delete the Netwalker Ransomware, and keep backups for recovery.

What's Walking Right into Your PC for Your Files

The Kazkavkovkiz Ransomware's transmutation into the Mailto Ransomware is becoming just a stepping stone towards another, even more ominous campaign. The latest variant of the file-locker Trojan, the Netwalker Ransomware, is using the COVID-19 virus as its vehicle for getting into users' computers rather than their bodies. However, it joins what malware experts see as a quickly swelling group of Trojans doing likewise, including the CoronaVirus Ransomware, the CovidLock Ransomware, NanoBot, the SpyMax RAT, and even attacks from the Vicious Panda APT.

Characteristics of the Netwalker Ransomware aren't very different from those of competing Ransomware-as-a-Service entities. The Windows program uses AES encryption (a favorite algorithm for Trojans of its kind) for 'locking' files, and secures it with a key, which makes the locked files impenetrable to third parties. An odd change in the Netwalker Ransomware relative to its ancestors is the omission of an anti-malware product-terminating feature; this change reduces its risk of detection, even though it makes it more vulnerable to removal afterward.

The installation strategy for the Netwalker Ransomware uses e-mail messages for compromising both government networks and enterprise-level businesses, such as Illinois's CHUPD network breach. Unlike many Trojans employing similar themes, the Netwalker Ransomware's e-mail attachment doesn't obfuscate the extension or format of the file, which is a Visual Basic Script or VBS. The threat actor opted to embed the Netwalker Ransomware inside of this Trojan dropper instead of requiring a network connection for retrieving it from the attacker's server.
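A mail-gateway style check for the delivery method described above, added here as an example that is not part of the original article: it walks a MIME message and reports attachments whose final extension is a Windows script type. The article names only VBS; the other extensions in the list, the function names, and the sample message are assumptions constructed for illustration, and the check also covers double extensions, which goes beyond the un-obfuscated case the article describes.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Assumption: the article names only .vbs; the rest are related Windows
# script-host extensions included for this example.
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}


def script_attachments(raw_bytes):
    """Return the filenames of attachments whose last extension is a script type."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    # walk() also descends into forwarded messages (message/rfc822 parts).
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them before
        # taking the extension; compare case-insensitively.
        cleaned = name.strip().rstrip(". ").lower()
        # splitext keeps only the final suffix, so "scan.pdf.vbs" -> ".vbs".
        if os.path.splitext(cleaned)[1] in SCRIPT_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample(filenames):
    """Build a constructed test message with one inert attachment per filename."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample message"
    msg.set_content("See attachment.")
    for filename in filenames:
        msg.add_attachment(
            b"constructed placeholder bytes",
            maintype="application",
            subtype="octet-stream",
            filename=filename,
        )
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample(["notice.vbs", "report.pdf", "scan.pdf.VBS"])
    for name in script_attachments(sample):
        print("quarantine candidate:", name)
```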

Having a Healthier Computer During a Pandemic

The changes that the Netwalker Ransomware makes to its modus operandi show how the threat actor is prioritizing anti-analysis efforts. Another possibility is that the Netwalker Ransomware's installation is occurring after the hacker disables any interfering security software, which is likelier in the event of, for instance, a brute-force network breach. Regardless of these differences from the past Mailto Ransomware, the Netwalker Ransomware is still a problem for non-backed-up files: its encryption isn't reversible with freeware.

Secure backups are the only non-ransom-based way of recovering any of the files that the Netwalker Ransomware encrypts and holds for ransom, such as text documents, images, and server databases. While the threat actor is offering a free demonstration for a single file, paying has no certainty of giving back the decryption feature. Networks also may implement additional safety protocols, such as restricting admin privileges, for lowering the risk of large-scale data loss.

Anti-malware products that are proven effective against the Mailto Ransomware and the Kazkavkovkiz Ransomware should retain their effectiveness for uninstalling the Netwalker Ransomware or blocking installation exploits. Admins also can prevent attackers from compromising their networks through brute-force methodology by using appropriate password choices.

While the climb in Coronavirus-abusing Trojans scarcely rivals the scope of the disease's victims, file-locking Trojans are a pandemic unto themselves. On the other hand, the cure is simple and free for all: keep a good backup.